webshell

This repository is a collection of webshell scripts gathered for research and testing purposes. A webshell is a script uploaded to a web server that allows remote control of that server through a browser. Security professionals, penetration testers, and researchers use collections like this to study how such tools work, test detection systems, or understand attack techniques. The repository's README is primarily in Chinese, with English and Turkish translations linked.

The collection covers scripts written in several common server-side languages: PHP, ASP, ASPX, JSP, Perl, and Python. Contributors have added shells from various sources over time. The project notes that it cannot guarantee any of the submitted scripts are free of hidden backdoors, though the author states they have not intentionally added any themselves. Anyone submitting scripts is asked not to add backdoors, and issues should be filed if any are discovered.

The README also lists around twenty related webshell projects on GitHub, and a set of web management tools commonly used alongside webshells in security research contexts, including several Chinese-origin tools like AntSword and Behinder.

The repository is explicitly restricted to testing and educational use. The author states that any illegal activity carried out using materials from this project is the sole responsibility of whoever carries it out, not the project maintainer. The project is licensed under MIT and releases are available as downloadable archives from the GitHub releases page.